Category FILE
Started On 2014-07-07 03:24:53
Completed On 2014-07-07 03:27:43
Duration 170 seconds
Cuckoo Version 1.2-dev

Machine machine4
Label xpmachine4
Manager VirtualBox
Started On 2014-07-07 03:24:53
Shutdown On 2014-07-07 03:27:41

File Details

File name Notification_72384792387498237989237498237498.exe
File size 67584 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
CRC32 A45479F0
MD5 2c286a551d3ed1caffb0f679f9473e65
SHA1 dd3a97c10e96ccdf9422e4ce482aa32431f007bf
SHA256 2b920fe150ecbadc2d7befa45bc9a30e74c0e36269facfca745127d55b338977
SHA512 9b63c07dc1aa9b94cf174fab7c8f78e58cbda226cf99404d95ed533b00d4f6ff98cef1b6187fb1173463414bb2d98298102a59714ca4098158fb5150540733ce
Ssdeep None
PEiD None matched
Yara None matched
VirusTotal Scan Date: 2014-07-07 07:24:22
Detection Rate: 1/54

Signatures

File has been identified by at least one AntiVirus on VirusTotal as malicious
The binary likely contains encrypted or compressed data.
Installs itself for autorun at Windows startup

Static Analysis

Sections

Imports

Strings

Dropped Files

Nothing to display.

Network Analysis

Hosts Involved

Behavior Summary

Files
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\Ny35
  • C:
  • C:\
Mutexes Nothing to display.
Registry Keys
  • HKEY_CURRENT_USER\Software//Folders
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Disk\Enum
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall

Processes

Notification_72384792387498237989237498237498.exe PID: 984, Parent PID: 428

Volatility

Nothing to display.